CF
Uploaded byCsaba Fitzl
224 views

GateKeeper - bypass or not bypass?

Gatekeeper only verifies executables run through the open command or by double clicking, not those run through other means like using terminal. While experiments 2-4 seemed to bypass Gatekeeper, they were actually expected behavior. Gatekeeper's goal is to prevent execution of downloaded applications only when users double click them. In Catalina, Gatekeeper also verifies executables run through exec and performs malware checks on every execution, closing the previous bypass methods. Plist files can still be executed regardless of quarantine attributes, allowing for potential remote code execution. Bringing your own virtual machine is another avenue to achieve malware goals without host access.

Technology
Related topics:
Information Security

Embed presentation

Download to read offline
GateKeeper Bypass or not bypass? Csaba Fitzl Twitter: @theevilbit
whoami • red teamer, ex blue teamer • kex - kernel exploitation python toolkit • recent macOS research • husband, father • hiking • yoga
the goal Understand how GateKeeper works and when it is invoked, show ways to bypass / avoid it.
Mojave
tests gone wrong • while working on something: • create pkg/mach-o file unsigned locally and run • download a unsigned pkg/mach-o and run it from Terminal • never got a GateKeeper popup • what? why?
experiment prep • create a meterpreter mach-o • serv via HTTP • download • ensure quarantine flag is present
experiment #1 • double click • use ‘open’ command
experiment #2 • add executable rights • run • enjoy your shelz
experiment #3 • create plist file • load it • enjoy your shelz
experiment #4 • create code that wraps it • compile, run • enjoy your shelz
what? • is experiment 2-4 a bypass or not? • seemed to be well known, but even Patrick Wardle was unsure: • let’s ask Apple!! • not a bypass, expected behaviour
conclusion Gatekeeper only verifies executables, which are run with the `open` command or the user double clicks (=LaunchServices) on first run. It won’t verify files, that are executed through other means like, directly executing a binary `./myapp` regardless of the quarantine attribute. If you can place a plist file inside LaunchAgents/LaunchDaemons, the command inside will also be executed. Although it’s not clearly stated everywhere, but I think the overall goal is prevent execution when users double-click applications downloaded from the Internet. If you go and grant execution rights, I think Apple assumes ‘advanced’ users in that case and will not deal with it. This is my take on it.
i still want a bypass / RCE • plist file inside LaunchAgents will be loaded regardless of the ‘q’ flag • idea: let’s drop a plist file there during download • Safari auto unzips files (default) - (protip: TURN THIS FEATURE OFF!!) • let’s try to redirect files • after plenty of hours, days, weeks - no luck, no escape from the ‘Downloads’ folder
• if we can’t do it, let’s ask the user to do it :D • how do you install apps on macOS? D&D. • let’s create something similar
creating your DMG • replace the symlink on the right • add an icon to your plist file (Get Info) • arrange your DMG layout • result:
demo time
Catalina
changes • on top of Mojave, GK is also invoked if • executed via ‘exec’, etc… (on first run) • malware check on *every* execution (not just 1st run) • the previous experiments won’t work • although it was well known to everyone (bypass GK via ‘exec’), no one raised it to Apple, likely only me, thus:
yet to be fixed - plist • plist files are still loaded regardless of the ‘q’ attribute • you can put shell scripts inside • D&D trick is killed in Catalina (user’s can’t D&D to symlinks pointing to LaunchAgents folder)
bring your own VM :) • Qemu is supported on macOS, signed • use that to run a VM (cryptominer malware) • not useful if you need to access user data • useful if you only need CPU power
?
Credits / References • Icons made by Freepik, Prosymbols, good-ware from FlatIcon • https://developer.apple.com/videos/play/wwdc2019/701 • https://blog.malwarebytes.com/mac/2019/06/new-mac-cryptominer- malwarebytes-detects-as-bird-miner-runs-by-emulating-linux/ • https://objective-see.com/blog/blog_0x32.html • https://speakerdeck.com/patrickwardle/shmoocon-2016-gatekeeper- exposed-come-see-conquer

More Related Content

PPTX
Invoke-Obfuscation nullcon 2017
byDaniel Bohannon
 
PDF
Mitigating Exploits Using Apple's Endpoint Security
byCsaba Fitzl
 
PDF
Exploiting XPC in AntiVirus
byCsaba Fitzl
 
PDF
SANS DFIR Prague: PowerShell & WMI
byJoe Slowik
 
PDF
Getting root with benign app store apps vsecurityfest
byCsaba Fitzl
 
PDF
How to convince a malware to avoid us
byCsaba Fitzl
 
PDF
Getting root with benign app store apps
byCsaba Fitzl
 
PDF
Exploiting Directory Permissions on macOS
byCsaba Fitzl
 
Invoke-Obfuscation nullcon 2017
byDaniel Bohannon
 
Mitigating Exploits Using Apple's Endpoint Security
byCsaba Fitzl
 
Exploiting XPC in AntiVirus
byCsaba Fitzl
 
SANS DFIR Prague: PowerShell & WMI
byJoe Slowik
 
Getting root with benign app store apps vsecurityfest
byCsaba Fitzl
 
How to convince a malware to avoid us
byCsaba Fitzl
 
Getting root with benign app store apps
byCsaba Fitzl
 
Exploiting Directory Permissions on macOS
byCsaba Fitzl
 

What's hot

PDF
Revoke-Obfuscation
byDaniel Bohannon
 
PPTX
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
byDaniel Bohannon
 
PPTX
Catch Me If You Can: PowerShell Red vs Blue
byWill Schroeder
 
PDF
Seven perilous pitfalls to avoid with Java | DevNation Tech Talk
byRed Hat Developers
 
PPTX
Adventures in Asymmetric Warfare
byWill Schroeder
 
PDF
Malicious Payloads vs Deep Visibility: A PowerShell Story
byDaniel Bohannon
 
PPTX
DevOOPS: Attacks and Defenses for DevOps Toolchains
byChris Gates
 
PPTX
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
byRob Fuller
 
PPTX
Pantheon basics
byPlasterdog Web Design
 
PPTX
Obfuscating The Empire
byRyan Cobb
 
PDF
Laravel Forge: Hello World to Hello Production
byJoe Ferguson
 
PDF
Testing Automaton - CFSummit 2016
byOrtus Solutions, Corp
 
PDF
SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony Apps
byPablo Godel
 
PPTX
Wielding a cortana
byWill Schroeder
 
PDF
DevSec Defense
byDaniel Bohannon
 
PPTX
Pwnstaller
byWill Schroeder
 
PPTX
Pwning with powershell
byjaredhaight
 
PPTX
Get-Help: An intro to PowerShell and how to Use it for Evil
byjaredhaight
 
PPTX
10 Laravel packages everyone should know
byPovilas Korop
 
PPT
Introduction to Apache Ant
byMuhammad Hafiz Hasan
 
Revoke-Obfuscation
byDaniel Bohannon
 
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
byDaniel Bohannon
 
Catch Me If You Can: PowerShell Red vs Blue
byWill Schroeder
 
Seven perilous pitfalls to avoid with Java | DevNation Tech Talk
byRed Hat Developers
 
Adventures in Asymmetric Warfare
byWill Schroeder
 
Malicious Payloads vs Deep Visibility: A PowerShell Story
byDaniel Bohannon
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
byChris Gates
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
byRob Fuller
 
Pantheon basics
byPlasterdog Web Design
 
Obfuscating The Empire
byRyan Cobb
 
Laravel Forge: Hello World to Hello Production
byJoe Ferguson
 
Testing Automaton - CFSummit 2016
byOrtus Solutions, Corp
 
SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony Apps
byPablo Godel
 
Wielding a cortana
byWill Schroeder
 
DevSec Defense
byDaniel Bohannon
 
Pwnstaller
byWill Schroeder
 
Pwning with powershell
byjaredhaight
 
Get-Help: An intro to PowerShell and how to Use it for Evil
byjaredhaight
 
10 Laravel packages everyone should know
byPovilas Korop
 
Introduction to Apache Ant
byMuhammad Hafiz Hasan
 

More from Csaba Fitzl

PDF
macOS Vulnerabilities Hiding in Plain Sight
byCsaba Fitzl
 
PDF
20+ ways to bypass your mac os privacy mechanisms
byCsaba Fitzl
 
PDF
SecurityFest-22-Fitzl-beyond.pdf
byCsaba Fitzl
 
PDF
Csaba fitzl - Mount(ain) of Bugs
byCsaba Fitzl
 
PDF
Exploit generation and javascript analysis automation with WinDBG lu
byCsaba Fitzl
 
PDF
Launch and Environment Constraints Overview
byCsaba Fitzl
 
PDF
Exploit generation automation with WinDBG (Hacktivity 2017)
byCsaba Fitzl
 
PDF
The Final Chapter - Unlimited Ways to Bypass Your macOS Privacy Mechanisms
byCsaba Fitzl
 
macOS Vulnerabilities Hiding in Plain Sight
byCsaba Fitzl
 
20+ ways to bypass your mac os privacy mechanisms
byCsaba Fitzl
 
SecurityFest-22-Fitzl-beyond.pdf
byCsaba Fitzl
 
Csaba fitzl - Mount(ain) of Bugs
byCsaba Fitzl
 
Exploit generation and javascript analysis automation with WinDBG lu
byCsaba Fitzl
 
Launch and Environment Constraints Overview
byCsaba Fitzl
 
Exploit generation automation with WinDBG (Hacktivity 2017)
byCsaba Fitzl
 
The Final Chapter - Unlimited Ways to Bypass Your macOS Privacy Mechanisms
byCsaba Fitzl
 

Recently uploaded

PDF
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
PDF
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
PDF
PCCC25(設立25年記念PCクラスタシンポジウム):エヌビディア合同会社 テーマ2「NVIDIA BlueField-4 DPU」
byPC Cluster Consortium
 
PDF
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PDF
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
PDF
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
PPTX
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
PDF
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
PDF
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
PDF
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
PDF
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PDF
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
PDF
MuleSoft Meetup: Dreamforce'25 Tour- Vibing With AI & Agents.pdf
byTintu Jacob Shaji
 
PPTX
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
PDF
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
PDF
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
PDF
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 
PPTX
Connecting the unconnectable: Exploring LoRaWAN for IoT
byasasiraarthur
 
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
PCCC25(設立25年記念PCクラスタシンポジウム):エヌビディア合同会社 テーマ2「NVIDIA BlueField-4 DPU」
byPC Cluster Consortium
 
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
MuleSoft Meetup: Dreamforce'25 Tour- Vibing With AI & Agents.pdf
byTintu Jacob Shaji
 
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 
Connecting the unconnectable: Exploring LoRaWAN for IoT
byasasiraarthur
 

GateKeeper - bypass or not bypass?

  • 1.
    GateKeeper Bypass or notbypass? Csaba Fitzl Twitter: @theevilbit
  • 2.
    whoami • red teamer,ex blue teamer • kex - kernel exploitation python toolkit • recent macOS research • husband, father • hiking • yoga
  • 3.
    the goal Understand howGateKeeper works and when it is invoked, show ways to bypass / avoid it.
  • 4.
  • 5.
    tests gone wrong •while working on something: • create pkg/mach-o file unsigned locally and run • download a unsigned pkg/mach-o and run it from Terminal • never got a GateKeeper popup • what? why?
  • 6.
    experiment prep • createa meterpreter mach-o • serv via HTTP • download • ensure quarantine flag is present
  • 7.
    experiment #1 • doubleclick • use ‘open’ command
  • 8.
    experiment #2 • addexecutable rights • run • enjoy your shelz
  • 9.
    experiment #3 • createplist file • load it • enjoy your shelz
  • 10.
    experiment #4 • createcode that wraps it • compile, run • enjoy your shelz
  • 11.
    what? • is experiment2-4 a bypass or not? • seemed to be well known, but even Patrick Wardle was unsure: • let’s ask Apple!! • not a bypass, expected behaviour
  • 12.
    conclusion Gatekeeper only verifiesexecutables, which are run with the `open` command or the user double clicks (=LaunchServices) on first run. It won’t verify files, that are executed through other means like, directly executing a binary `./myapp` regardless of the quarantine attribute. If you can place a plist file inside LaunchAgents/LaunchDaemons, the command inside will also be executed. Although it’s not clearly stated everywhere, but I think the overall goal is prevent execution when users double-click applications downloaded from the Internet. If you go and grant execution rights, I think Apple assumes ‘advanced’ users in that case and will not deal with it. This is my take on it.
  • 13.
    i still wanta bypass / RCE • plist file inside LaunchAgents will be loaded regardless of the ‘q’ flag • idea: let’s drop a plist file there during download • Safari auto unzips files (default) - (protip: TURN THIS FEATURE OFF!!) • let’s try to redirect files • after plenty of hours, days, weeks - no luck, no escape from the ‘Downloads’ folder
  • 14.
    • if wecan’t do it, let’s ask the user to do it :D • how do you install apps on macOS? D&D. • let’s create something similar
  • 15.
    creating your DMG •replace the symlink on the right • add an icon to your plist file (Get Info) • arrange your DMG layout • result:
  • 16.
  • 17.
  • 18.
    changes • on topof Mojave, GK is also invoked if • executed via ‘exec’, etc… (on first run) • malware check on *every* execution (not just 1st run) • the previous experiments won’t work • although it was well known to everyone (bypass GK via ‘exec’), no one raised it to Apple, likely only me, thus:
  • 19.
    yet to befixed - plist • plist files are still loaded regardless of the ‘q’ attribute • you can put shell scripts inside • D&D trick is killed in Catalina (user’s can’t D&D to symlinks pointing to LaunchAgents folder)
  • 20.
    bring your ownVM :) • Qemu is supported on macOS, signed • use that to run a VM (cryptominer malware) • not useful if you need to access user data • useful if you only need CPU power
  • 21.
  • 22.
    Credits / References •Icons made by Freepik, Prosymbols, good-ware from FlatIcon • https://developer.apple.com/videos/play/wwdc2019/701 • https://blog.malwarebytes.com/mac/2019/06/new-mac-cryptominer- malwarebytes-detects-as-bird-miner-runs-by-emulating-linux/ • https://objective-see.com/blog/blog_0x32.html • https://speakerdeck.com/patrickwardle/shmoocon-2016-gatekeeper- exposed-come-see-conquer